Massive data breach hits US health insurer, 3.7m customers warned

Yet another high-profile cyber attack has made waves across America, with health insurer Banner Health warning 3.7 million customers that their data may have been stolen.

The data breach was discovered on July 7 2016, after Banner Health identified that cyber-attackers may have compromised computer systems that process payment card data at food and beverage outlets at some Banner Health locations.

According to a statement by the US insurer, the attackers targeted payment card data, including cardholder name, card number, expiration date and internal verification code, as the data was being routed through affected payment processing systems.

However, six days later the problem worsened for Banner Health, with the insurer learning that the cyber attackers may have gained unauthorised access to patient information, health plan member and beneficiary information, as well as information about physician and healthcare providers. The patient and health plan information may have included names, birthdates, addresses, physicians’ names, dates of service, claims information, and possibly health insurance information and social security numbers.

Although the insurer was quick to reassure that the breach did not affect all Banner Health customers, a possible 3.7 million customers could be affected by the data breach. Following the example set my other big name companies who have been breached, Banner Health will be offering a free package of benefits for those affected by the breach.

This is just another example of hackers targeting healthcare, with a slew of similar attacks being seen across the world. Just this year a LA hospital was the victim of a ransomware exploitation plot, while a number of German hospitals were left paralyzed after similar ransomware attacks.

“Hospitals are part of the UK’s national critical infrastructure, meaning they are prime targets for criminals who want to cause maximum disruption to get what they want. Unlike banks or businesses where the data held ransom is, say financial, information taken from hospitals is literally a matter of life and death, meaning that ransom payments are going to be paid more often than not.”